Just to be sure, I'm not asking how to create an awesome Brainwallet, but how to use one that is already awesome in the safest manner.

I like the allure of a Brainwallet: I can memorize something that is easier FOR ME to remember when compared with the private key.

Having said all that, what good is an amazing Brainwallet if you can't use it at will.

Would it be a good idea to recall that Brainwallet on a hot PC? Part of the beauty of a brainwallet is being able to recall it from memory in any place. I think most people will say no due to hot PCs possibly having keyloggers or other malware.

So, would it be okay to use on a cold PC, if that PC is never connected to the network? This would be a pain in the ass because then I would need to get another PC, and I'm currently broke.

And then, if the brainwallet is amazing and the PC being used to recall the keys is disconnected, then would I be safe?

Could I use that same brainwallet to receive bitcoins?

Could I safely withdraw funds from that brainwallet without compromising the original brainwallet?

I ask that last question because I've seen so many tutorials where people go through such an elaborate process with Armory, Electrum, saved Javascript websites, etc. on a cold PC that never connects, and as soon as they use that highly safe private key on a connected PC to do some business, that private key is immediately invalidated as having been compromised or exposed to the wild.

If I have to do that each time, what good is a brainwallet at all? What good is memorizing the private keys even? Is there a way to withdraw funds from a private key without exposing it to the wild??

That depends on how concerned you are about security. Once you type in the necessary details from your "brainwallet" on a "hot PC", you are immediately vulnerable to various malware including keyloggers.

So, would it be okay to use on a cold PC, if that PC is never connected to the network?

That depends on how concerned you are about security. Once you transmit a transaction, the public key of your "brainwallet" becomes public. You also have to be very careful when constructing your transaction and make sure that any change from the transaction is sent back to the "brainwallet" address.

And then, if the brainwallet is amazing and the PC being used to recall the keys is disconnected, then would I be safe?

That depends on what you mean by "safe". The private key would no longer be protected by RIPEMD-160 or SHA-256. You would reduce the levels of protection to only ECDSA. That isn't really a concern at the moment, but if there are new developments in the future that result in ECDSA becoming insecure, how confident are you that you'll hear about it and move your bitcoins before the exploit is used to take them from you? Furthermore, you'll be giving up some anonymity by continuously re-using the same address all the time as well. Is anonymity important to you?

Could I safely withdraw funds from that brainwallet without compromising the original brainwallet?

Not sure what you mean by "compromising", but as long as ECDSA remains secure and you use a computer that has never been and will never be connected to the internet to create your transactions, you should be ok.

I ask that last question because I've seen so many tutorials where people go through such an elaborate process with Armory, Electrum, saved Javascript websites, etc. on a cold PC that never connects, and as soon as they use that highly safe private key on a connected PC to do some business, that private key is immediately invalidated as having been compromised or exposed to the wild.

Correct. That would be because they want to maintain additional anonymity and want the full protection of ECDSA, SHA-256, and RIPEMD-160. Some of them are also concerned about the possibility of accidentally failing to send the full balance of the "change" back to the original paper wallet address.

Brainwallets are generally a pretty bad idea, but assuming for the moment that you manage to memorize something generated randomly with at least 160 bits of entropy, it would be good for long term storage of bitcoins that you don't expect to use for many months or years.

I thought that public addresses were meant to be exposed to the wild, so what harm is there in using the public key of your offline savings wallet?

I am mostly going through all of this to protect my offline savings wallet. Therefore, it's imperative that it be immortal, so things like corruptible files, shaky hardware, and physical copies like paper wallets won't do it for me. I only trust myself and I am very happy to know that all of my savings can be backed up in my head. This is the single greatest trait I see in Bitcoin, in my humble opinion.

I only considered Brainwallets because I can create a passphrase that can ultimately bankrupt the Brainwallet concept if it is ever compromised, and because it's easier for me to remember. But I am willing to memorize the private key if that is the safest and most secure method to retaining my savings in my head.

I just don't understand why using the public address of my offline savings wallet is such a problem in terms of security. I thought that was the part that was designed to be shared, and only the private key must never see anyone's eyes.

And if that is such a problem, aren't there ways around it? I have seen some very cumbersome and user-unfriendly tutorials on using proprietary software and transaction keys so that offline wallet keys never see the light of day. Is this the best security solution in tandem with memorizing one's private key??

I think Trezor is the solution to this; it offers security and also a brainwallet series of words that can be used to restore all the private keys in the event that the device is lost, stolen, or damaged.

What name would you give to the smallest unit of bitcoin (0.00000001)? sat. What name would you give to 100 sats? bit. 1 bit = 1 uBTC. 1,000,000 bits = 1 BTC. It's bits

I thought that public addresses were meant to be exposed to the wild, so what harm is there in using the public key of your offline savings wallet?

A public "bitcoin address" and a "public key" are not the same thing. When you receive bitcoins at an address for the first time, that address is protected by ECDSA, SHA-256, and RIPEMD-160. The address is public, but the public key is not yet public at that time. If, in the future, a weakness is discovered in any one or two of those cryptographic algorithms, your balance will still be protected by the remaining algorithm, giving you time to move to a new algorithm before anyone can take your bitcoins.

The first time you send any bitcoins that have been received at that address, you broadcast the public key. At that point, the private key is no longer protected by SHA-256 or RIPEMD-160. It is ONLY protected by ECDSA. Right now ECDSA is secure enough in most cases, so this isn't a concern, but for long term storage you'll want to consider the possibility that a weakness is discovered in ECDSA and you don't hear about it before an attacker does. If you've never sent any bitcoins that were received at the address it won't matter, since you are still protected by SHA-256 and RIPEMD-160. If you have sent those bitcoins and continued to re-use the address, then you've lost that additional protection.

If this doesn't concern or worry you, then you can go ahead and re-use your brain wallets. I just assumed that you were very concerned about security.

I am mostly going through all of this to protect my offline savings wallet. Therefore, it's imperative that it be immortal, so things like corruptible files, shaky hardware, and physical copies like paper wallets won't do it for me. I only trust myself and I am very happy to know that all of my savings can be backed up in my head. This is the single greatest trait I see in Bitcoin, in my humble opinion.

I suspect that paper will out-live you and your memory. Brain-wallets are typically one of the weaker traits of bitcoin. Most people don't choose a passphrase with enough entropy, and human beings are VERY bad at doing anything in a random way. We just aren't designed that way.

I have seen some very cumbersome and user-unfriendly tutorials on using proprietary software and transaction keys so that offline wallet keys never see the light of day. Is this the best security solution in tandem with memorizing one's private key??

Since I don't know which "cumbersome and user-unfriendly tutorials" you are talking about, I am unable to answer this question reliably.

When you use something like Electrum to generate a brain wallet, the passphrase is the seed. From this seed, the app generates an unlimited number of addresses, public keys, and private keys that can be deterministically re-generated, given the passphrase. So in this case, you can have one "brain wallet" (the passphrase) but an unlimited number of public keys generated from that seed; and revealing any of these public keys should be perfectly safe. Right?



Okay, I had no idea that the public key served as a protection mechanism. The way it's presented to the layman, it sounds like you can share your public address, and there will be no security breach if you keep the private key to yourself. Thank you for this bit of knowledge, but I doubt the majority of bitcoin users know about this nuance. Frankly speaking, how are they intending to build a secure digital network currency if the encryption method is due for a breach within its lifetime?

So my question then is, couldn't you use an offline wallet and use something like Armory to conduct offline transactions using proprietary keys? Wouldn't this prevent both your public and private keys of your offline saving wallets from ever being exposed?

Another idea: couldn't I just open up a separate offline wallet on my offline PC to send small funds to so that those bitcoins can be used freely? This also preserves the secure state of my offline savings wallet, correct?


I am not a big fan of paper, they are basically like paper money to me. In my eyes, it's tantamount to keeping cash in my mattress, or a safe which will be targeted by hoodlums, or keeping it at a bank deposit, which I thought was the direction we were trying to steer away from with this new paradigm shift. Or it could just get lost or destroyed by fire.

I am a big fan of memory, that is the securest method in my opinion. As I'll explain later, I think my brainwallet passphrase is going to be amazing, so I can easily memorize it, while it would be nonsense to others. From there, I can share the brainwallet with my trusted family members in case anything happens to me.

I'm not sure what that means, but the brainwallet concept is a rather weak concept for the vast majority of users.

I agree, vast majority, but my circumstances put me in the category of those who will benefit most from a brainwallet, while significantly mitigating its risks. What I meant originally was that if my passphrase does get hacked, no one will ever be able to support a brainwallet ever again once I've shared my compromised passphrase on the internets.

When you use something like Electrum to generate a brain wallet, the passphrase is the seed. From this seed, the app generates an unlimited number of addresses, public keys, and private keys that can be deterministically re-generated, given the passphrase. So in this case, you can have one "brain wallet" (the passphrase) but an unlimited number of public keys generated from that seed; and revealing any of these public keys should be perfectly safe. Right?

Could I choose my own passphrase to do that? I don't trust those randomly generated passphrases.

But I want to be able to use a passphrase to pull up my private key without using software that could become deprecated or non-standard over time. I would like to be able to recall my passphrase 40 years from now, and the standard generator will pull up my offline savings account without worry.


just use brainwallet.org and save a copy of the site, should it go down.


Ugh, but then what if the physical medium in which you are saving the website breaks down all at once? Maybe better to just memorize the private key.

Possibly, but IMHO about the wrong things. The weakest link in your reasoning is your memory. Many things could happen to you (short of death itself) that compromise your memory. A mere blow to the head could suffice to cause sufficient brain damage to render your memory unreliable.

Brainwallets sound like a nice easy concept, but it is very hard to do this properly. DannyHamilton has given very good advice upthread. You really need to do the research to understand why this is so.

For example you have commented several times that you can do an offline transaction to transfer bitcoin without exposing your public keys. This shows ignorance of the workings of the bitcoin transaction mechanism. You have to broadcast that offline transaction to the network for it to take effect. At that point you have also exposed your public key since its an integral part of the transaction.

If you do decide to use brainwallet.org you need not worry about the website breaking down or becoming unavailable. That particular brainwallet simply uses a single sha256 hash of the passphrase to generate the private key. Any competent programmer can replicate that for you. But unless your awesome brainwallet scheme includes at least 192 bits of truly random entropy it will be less secure than a key generated by bitcoin-qt itself.

My advice. Use an officially supported wallet. Choose a good passphrase, write it down and lock it away in a safe or perhaps give it to your lawyers for safekeeping (being sure to advise them not to copy or expose it). Backup your wallet and keep copies in several safe places. Your biggest risk is relying on your memory alone.

Possibly, but IMHO about the wrong things. The weakest link in your reasoning is your memory.

I'd suggest that there are actually two VERY WEAK links in his plans.

The weakest is the human ability to come up with anything out of their own mind or body with more than 160 bits of entropy. He may think that his passphrase is going to be "amazing", and that if it ever shows up in a rainbow table then "one will ever be able to support a brainwallet ever again once he's shared his compromised passphrase on the internets", but I suspect that he's overconfident.

The next weak link, after his not so random passphrase, is his memory.

And to top it all off, he refuses to write it down to store it anywhere, but he plans to "share the brainwallet with my trusted family members in case anything happens to me". Almost certainly one of those "trusted family members" will be concerned that they might forget it, so it will be written down somewhere and he won't have control of the storage and safekeeping of that paper wallet. Wouldn't it be better to secure the paper wallet yourself and then share with trusted family members the information on how to access it if anything happens to you?

Frankly speaking, how are they intending to build a secure digital network currency if the encryption method is due for a breach within its lifetime?

There is no guarantee that ECDSA will ever be "breached", but there is no guarantee that it won't either. That is the nature of cryptography. A cryptographic function is secure until someone finds a way to make it insecure, then people move to a newer secure function. Fortunately, as long as it is used properly, bitcoin layers 3 different cryptographic functions between your private key and your public address. It is extremely unlikely that a weakness will be found in all three functions simultaneously. This means there is time to replace a function in the protocol while bitcoins are still protected by the other two functions. Bitcoin can therefore grow and change to adapt to new cryptographic discoveries.

So my question then is, couldn't you use an offline wallet and use something like Armory to conduct offline transactions using proprietary keys? Wouldn't this prevent both your public and private keys of your offline saving wallets from ever being exposed?

Describe these "offline transactions"? Explain exactly how ownership of the bitcoins (which reside as an output on the blockchain) will be transferred to another individual using your "offline wallet and something like Armory" without the public key being exposed?

This also preserves the secure state of my offline savings wallet, correct?

That depends. Will you be spending/sending any of the bitcoins that are received at that offline savings wallet? Or will it be exclusively receiving bitcoins? As soon as you try to get any bitcoins out of that offline savings, you are back where we started.

So, you'd rather that the hoodlums attack you directly to get at your bitcoins than to attack a safe? You prefer to be beaten to a bloody pulp and tortured beyond belief for the sake of some money? Personally, I'd rather they just took my money and moved on. My life, and health are far more valuable to me than any amount of money could ever be.

One technique I've seen is someone type a bunch of BS letters over 1000 characters long into a brainwallet to generate keys. That seems pretty secure.

No. It really doesn't. That is a bad idea. You want a good idea? Grab a handful of very well balanced dice (perhaps from your local casino?). Roll the dice a bunch of times (until you've rolled at least 62 dice) and then convert from base 6 to get a private key.


If you say so, I don't know how people expect Bitcoin to thrive when somebody like me is being admonished for learning how to take the proper steps to utilize the full potential of its encryption methods. Most of this stuff would sound like nonsense to a mainstream crowd, let alone having to worry about changing encryption methods down the line when they've invested some of their time to learning how it actually works, if they even learned it at all. Hmmm, no wonder there are banks to take care of all of this for the commoners.

Describe these "offline transactions"? Explain exactly how ownership of the bitcoins (which reside as an output on the blockchain) will be transferred to another individual using your "offline wallet and something like Armory" without the public key being exposed?

Yeah, I really don't get it myself. The idea I think is so you don't have to use your private key on the hot PC?


I see what you mean. Which means I'll have to come up with multiple brain wallets to maintain a true offline account. Hopefully, I wouldn't have to do that so many times.

Which has worked very well for many, many years. What is it about paper money that you don't like?

A paper wallet is basically a bundle of cash, correct? So I would basically be keeping a bundle of cash in my domicile or another residence. Yeah, it's a lot smaller and easier to maintain, but you're still keeping a ton of money in your home. Does anyone do this with conventional money except for drug dealers?

So, you'd rather that the hoodlums attack you directly to get at your bitcoins than to attack a safe? You prefer to be beaten to a bloody pulp and tortured beyond belief for the sake of some money? Personally, I'd rather they just took my money and moved on. My life, and health are far more valuable to me than any amount of money could ever be.

Well, I would give it up if I had to, that example was under the idea that the safe would be targeted without my presence.

And you can be 100% that none of them will go against your wishes behind your back and write it down so they don't forget it?

Not if it's easy for them to remember, yet nonsensical for others. Just so I don't give everything away, we would all speak some break-off dialect of some artificial language that only we know. But yes, I see what you're saying. I guess I'll have to come up with something clever in the meantime.

As mentioned earlier, I could use offline transactions, or set up another wallet as a middle man.

Which most likely demonstrates that you have no idea what you are talking about and are just making stuff up in hopes that you can do what you want without someone telling you that it is a bad idea.

Yes, I concede that. But now I have learned a bit more, and can understand where my original plan fails, which is what I wanted to accomplish with this thread. This has all been a great thought experiment so that I can come up with a better plan centered around a brainwallet and/or other methods.


How is that a bad idea? Yeah, the dice sounds good, but typing something like this into a brain wallet is bad? :

onthunsoeahtueroah.crhu903409hu0244903gp02g2[93g[hu9[h239g23[9g29j0ud203gf2309g[192[3d0239[23.0,u02u3 (and so on, for as long as you want)

So you've learned nothing then? You still haven't even bothered to learn the difference between an address and a public key? Why do I even bother if you aren't going to make an effort?

I meant to say public key instead of public address. But yes, I am having a hard time grasping the difference between public key and an address. I'll make sure to study that thoroughly from here on out.

But if you think the mainstream public could understand all the caveats and nuances of Bitcoin's cryptography, then you got another thing coming.

My advice. Use an officially supported wallet. Choose a good passphrase, write it down and lock it away in a safe or perhaps give it to your lawyers for safekeeping (being sure to advise them not to copy or expose it). Backup your wallet and keep copies in several safe places. Your biggest risk is relying on your memory alone.

let alone having to worry about changing encryption methods down the line when they've invested some of their time to learning how it actually works, if they even learned it at all. Hmmm, no wonder there are banks to take care of all of this for the commoners.

Agreed. The average user will use a piece of software that has been thoroughly reviewed and certified as trustworthy, or they will use a bank.


A paper wallet is basically a bundle of cash, correct? So I would basically be keeping a bundle of cash in my domicile or another residence. Yeah, it's a lot smaller and easier to maintain, but you're still keeping a ton of money in your home. Does anyone do this with conventional money except for drug dealers?

And a brainwallet is basically a bundle of cash as well. So you would basically be keeping a bundle of cash on your person. Yeah, it's not physical, but you're still keeping a ton of money on your person. Does anyone do this with conventional money except for drug dealers?


So you prefer that the thief targets you directly rather than your safe?

or keeping it at a bank deposit, which I thought was the direction we were trying to steer away from with this new paradigm shift.

A paper wallet is absolutely nothing like that. Where did you get that idea?

I have seen people recommend saving paper wallets in bank vaults.

Sure, in which case the bank is exactly like a bank, but the paper wallet itself is not. Some people feel that a bank vault provides reasonable protection against theft. Those people keep their paper wallets in bank vaults. Others prefer not to. How to protect a paper wallet is a decision for each individual to make for themselves.

And your memory can't get lost or destroyed by fire? or illness? or fall or other injury? Just store two copies in two separate secure locations.

I could always encrypt my brainwallet with an audio message if worst came to worst. Of course, better methodologies can be thought up of compared to coming up with one on the spot in a forum post.

Sure. And you can encrypt your paper wallet with a password as well if you like. This seems to be getting away from the discussions of the intrinsically insecure nature of "brainwallets", and the importance of not reusing addresses.


Glad I could help you understand better the issues surrounding your plans.


Human beings are VERY BAD at doing anything in a random way. The harder they try to be random, the less random they tend to be:

In other words it would be unlikely anybody else would type that exact code in and get the same brain wallet results?

As Dan said, humans are a bad source of randomness.

For example, your string above fails on several levels: you are using only a very small selection of characters from the available keyspace, and there are several repetitions of sequences.

From the line above alone I can conclude you most likely use a keyboard with French layout. Your left hand was hovering slightly above qsdf, your right hand was hovering over the lower part of the numpad, you moved the right hand over to the alphanumeric keys twice (once in the middle of the string and once near the end), you were subconsciously typing on the right hand with a rhythm of thumb-ring finger-index finger (producing the oft repeated 034 sequence), similarly you subconsciously used a rhythm of ring finger - middle finger - index finger with the left hand (producing the ZEF sequence).

Yeah, the dice sounds good, but typing something like this into a brain wallet is bad? :

onthunsoeahtueroah.crhu903409hu0244903gp02g2[93g[hu9[h239g23[9g29j0ud203gf2309g[192[3d0239[23.0,u02u3 (and so on, for as long as you want)

I'm not going to attempt the same analysis as greyhawk did on someone else's attempt at the same thing, but I will point out:

There are approximately 95 distinct characters you could have used, and yet after typing 101 characters, you have a very significant amount of repetition, and have only used 24 different characters. You also repeat several sequences multiple times.

I've said it multiple times now. Human beings are not good at randomness. We simply aren't wired that way. We are wired for patterns.
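As an added example (not code from this thread or from any wallet project), one Python script puts the three key-generation ideas argued over above side by side: the brainwallet.org-style single SHA-256 of a passphrase described earlier, the dice method (62 rolls read as base-6 digits), and the distinct-character and repeated-sequence check applied to the 101-character string quoted above. The passphrase and the helper names are my own assumptions; the WIF and Base58Check encoding follow the standard Bitcoin format.

```python
import hashlib
import math
from collections import Counter

# secp256k1 group order: a usable private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
KEYBOARD_CHARS = 95  # printable ASCII, roughly what one keyboard types directly

# Sample input: the 101-character string posted in the thread above.
TYPED_SAMPLE = ("onthunsoeahtueroah.crhu903409hu0244903gp02g2[93g[hu9[h239g23"
                "[9g29j0ud203gf2309g[192[3d0239[23.0,u02u3")


def base58check(payload: bytes) -> str:
    """Base58Check: append a 4-byte double-SHA256 checksum, then Base58-encode."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    # Each leading zero byte is encoded as a leading '1'.
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def brainwallet_private_key(passphrase: str) -> int:
    """The scheme the thread describes: private key = SHA-256(passphrase).
    Anyone who can guess the passphrase recomputes exactly this key."""
    k = int.from_bytes(hashlib.sha256(passphrase.encode("utf-8")).digest(), "big")
    if not 1 <= k < SECP256K1_N:
        raise ValueError("hash is not a valid secp256k1 private key")
    return k


def to_wif(k: int) -> str:
    """Mainnet WIF for an uncompressed key: 0x80 || 32-byte key, Base58Check."""
    return base58check(b"\x80" + k.to_bytes(32, "big"))


def dice_to_private_key(rolls) -> int:
    """Read fair six-sided die rolls as base-6 digits (1..6 -> 0..5)."""
    if any(r not in range(1, 7) for r in rolls):
        raise ValueError("rolls must be 1..6")
    k = 0
    for r in rolls:
        k = k * 6 + (r - 1)
    if not 1 <= k < SECP256K1_N:
        raise ValueError("result is outside [1, N-1]; roll again")
    return k


def dice_entropy_bits(num_rolls: int) -> float:
    """log2(6) bits per fair roll: 62 rolls is about 160 bits, 100 rolls
    exceeds the 256 bits a full-size key can hold."""
    return num_rolls * math.log2(6)


def typed_string_report(s: str) -> dict:
    """Surface the symptoms a human-typed 'random' string shows: a small
    alphabet and repeated sequences. The bit figures are upper bounds only;
    rhythm and hand position make the real entropy far lower still."""
    counts = Counter(s)
    trigrams = Counter(s[i:i + 3] for i in range(len(s) - 2))
    return {
        "length": len(s),
        "distinct": len(counts),
        "max_bits_if_uniform_over_keyboard": len(s) * math.log2(KEYBOARD_CHARS),
        "max_bits_over_observed_alphabet": len(s) * math.log2(len(counts)),
        "repeated_trigrams": sorted(t for t, c in trigrams.items() if c > 1),
        "most_common": counts.most_common(5),
    }


if __name__ == "__main__":
    # Constructed passphrase, used only to show the derivation path.
    k = brainwallet_private_key("an awesome passphrase I will never forget")
    print("brainwallet key (WIF):", to_wif(k))
    rolls = [3, 1, 4, 1, 5, 6, 2, 6, 5, 3, 5] * 6  # 66 constructed rolls
    print("dice key (hex):", hex(dice_to_private_key(rolls)))
    print("entropy from 62 rolls: %.1f bits" % dice_entropy_bits(62))
    for key, value in typed_string_report(TYPED_SAMPLE).items():
        print(key, "=", value)
```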

But if you think the mainstream public could understand all the caveats and nuances of Bitcoin's cryptography, then you got another thing coming.

No more than I expect them to understand all the caveats and nuances of the internet's protocols (such as TCP/IP, HTTP, FTP, UDP, etc) in order to use websites. Can you imagine what the internet would be like right now if use of it required a detailed understanding of all of the underlying protocols?

My only question is, if I have the public key: then it's just like entering a password, right? If I get it wrong, no harm, no foul? I could keep going on until I get it.

I'm not sure what you're asking. But if I'm guessing correctly, you can guess at the private key as many times as you like. Each guess will result in a new bitcoin address. Eventually if you guess the correct private key, you'll end up generating the bitcoin address that you expect and you can then use that private key to sign the transaction and broadcast it along with the public key.